The Versa Networks Blog

Product & Engineering

Zero Trust Everywhere

By Dan Maier
Chief Marketing Officer, Versa Networks
April 19, 2023

Zero Trust is widely considered to be the future of security, but today it’s only used to protect remote workers. As hybrid work grows and people return to the office, many users and security teams are asking if they can use Zero Trust for their branch offices and campus sites as well.

Today, with the launch of Zero Trust Everywhere, Versa delivers an integrated Zero Trust Network Access (ZTNA) solution that works for both remote and onsite users. Zero Trust Everywhere delivers a superior security model across the entire enterprise, with a single point of management and assured user experience.

Zero Trust Adoption is Growing Fast

Zero Trust is widely considered to be the future of security, based on the idea that no user, device, or application should be trusted by default. Security and networking leaders are embracing this security strategy in greater and greater numbers – according to a recent report by Okta, 97% of the organizations it surveyed are either implementing or planning to adopt the approach, and over 50% have already implemented Zero Trust. This high level of interest in Zero Trust is driven by a growing set of security challenges that legacy “perimeter”-oriented security approaches struggle to address, including the adoption of cloud computing, remote work, BYOD initiatives, and increasingly sophisticated cyber security threats.

Zero Trust vs Perimeter Security

Traditional security approaches were designed to protect the network perimeter by separating “trusted” from “untrusted” networks. In the campus network, these traditional security solutions are generally delivered by legacy Network Access Control (NAC), 802.1X, and VLAN products. The perimeter security approach they enforce assumes that users and devices within the corporate environment can be trusted. However, this assumption falls down in the face of common cyber threats, such as a compromised device or a user with stolen credentials who penetrates the network. In this case, an attacker has relatively easy access to a company’s privileged intranet to do things like move laterally, steal data, or deliver ransomware.

A Zero Trust approach, on the other hand, requires organizations to assume that their campus and branch networks are untrusted, and that a breach has either already occurred within the network or that it’s only a matter of time until one does. The Zero Trust security framework supports this approach by enforcing three core principles:

  1. No entity is trusted by default
  2. Least privilege access
  3. Continuous security monitoring

In a Zero Trust world, users and devices must be explicitly authenticated and authorized as trustworthy before being granted access. Access to resources should be granular at the application level, and granted based on the principle of least privilege, meaning that an entity is only given the minimum level of access necessary to perform their job. In addition, access is not “unconditional”, but rather is based on continuous monitoring of the device’s security posture, geographic location, and other contextual information. This means that if a device’s security posture should change, access could be revoked or limited. The result is that, with Zero Trust, compromised users and devices are much more restricted in their ability to move laterally or infect other devices due to their limited scope of access.
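As an added illustration (not Versa's code and not part of the original post), here is a minimal policy decision point that exercises the three principles above: default deny, per-application least privilege, and re-evaluation of a granted session when context changes. The role names, application names, and country list are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed policy: role -> applications that role may reach (least privilege).
APP_ENTITLEMENTS = {
    "finance-analyst": {"erp"},
    "developer": {"git", "ci"},
}
ALLOWED_COUNTRIES = {"US", "DE"}  # constructed contextual rule


@dataclass(frozen=True)
class Context:
    user: str
    role: str
    authenticated: bool     # identity verified for this session
    device_compliant: bool  # current device security posture
    country: str            # geographic context of the request


def decide(ctx: Context, app: str) -> tuple[bool, str]:
    """Default deny: every check must pass before access is granted."""
    if not ctx.authenticated:
        return False, "unauthenticated"
    if not ctx.device_compliant:
        return False, "device posture non-compliant"
    if ctx.country not in ALLOWED_COUNTRIES:
        return False, "location not permitted"
    if app not in APP_ENTITLEMENTS.get(ctx.role, set()):
        return False, "application not in role entitlement"
    return True, "allowed"


class Session:
    """A per-application session that is re-checked on every context update."""

    def __init__(self, ctx: Context, app: str):
        self.app = app
        self.active, self.reason = decide(ctx, app)

    def on_context_update(self, ctx: Context) -> bool:
        # Access is not unconditional: a posture or location change revokes it.
        # A revoked session stays revoked; the user must start a new one.
        if self.active:
            self.active, self.reason = decide(ctx, self.app)
        return self.active
```

Because the entitlement is per application, a compromised `finance-analyst` device can reach only `erp`, and it loses even that as soon as its posture report turns non-compliant.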

Hybrid Work in the Office – the Hole in Your Zero Trust Strategy

Today, as remote work evolves into “hybrid work”, many employees are returning to the office full time, or alternating between onsite and remote locations. According to a recent survey by Statista, 53% of U.S. workers reported working in a hybrid manner at the end of 2022.

Here’s the problem – most Zero Trust solutions today are cloud-delivered. They are designed to protect REMOTE workers, but deactivate when the user is in an office. So when users come back to the office, they fall back under existing legacy perimeter-based security approaches.

But what about using cloud-delivered Zero Trust services onsite? This approach generally runs into problems, for a number of reasons:

  • Hairpinning (or tromboning) – traffic flows have to go out to the cloud and come back onsite
  • Inline inspection – going out to the cloud for inline malware or content inspection is slow and expensive
  • User-to-application performance – cloud-delivered ZTNA used onsite can add significant latency to private applications
  • Local resource access – headless devices on the local network such as printers and IP phones are difficult to reach
  • OT and IoT device security – these devices cannot host a Zero Trust client, making it hard for them to participate in a Zero Trust model for a campus or branch
  • Replacement of legacy security solutions – without the ability to see inline network traffic onsite, these Zero Trust solutions cannot completely replace legacy security systems

As a result, very few organizations have been able to achieve the vision of using a Zero Trust Network Access approach in an integrated fashion across their enterprise for all their users, whether remote or onsite.

Requirements for a Universal Zero Trust Strategy

Organizations that are looking for a holistic Zero Trust solution that can be applied across their enterprise for all their users need to expand their requirements. Some of these new requirements include:

  • Extend ZTNA to all users, from remote workers to workers in campus and branch office locations
  • Deliver ZTNA inline in the network, to provide acceptable user-to-application experience/performance
  • Support a spectrum of onsite use cases including ZTNA for unmanaged devices, BYOD, contractors, and 3rd party access scenarios
  • Support client and client-less access requirements
  • Support ZTNA for OT and IoT devices
  • Integration with leading Identity and Access Management (IAM) providers, including Active Directory
  • Integrate AI/ML-based behavior analysis and anomaly detection for users and devices
  • Manage all ZTNA policies from a single pane of glass and single policy repository
  • Integrate ZTNA into broader SSE (for internet/SaaS security) and SASE (for WAN edge optimization) platforms under a single pane of glass

What other requirements do you see for onsite ZTNA? Let me know at dmaier@versa-networks.com.

Introducing Versa Zero Trust Everywhere

Versa Zero Trust Everywhere™ is the industry’s first solution delivering Zero Trust security for both remote and on-premises users, with optimized user-to-application performance. Versa is expanding its portfolio with two new products to deliver Zero Trust Everywhere:

  • Versa Zero Trust – Premises (ZT-Prem) is a secure access solution for branch and campus users connecting to applications and workloads hosted in the enterprise datacenters or private clouds. It applies granular, Zero Trust access policies to users and devices based on continuous assessment of identity, device posture, and application. The product is designed to be integrated into any campus or branch architecture as a standalone appliance.
  • Versa Software-Defined LAN (SD-LAN) modernizes the campus and branch LAN with a software-defined, hardware-agnostic approach. It integrates with ZT-Prem to deliver an inline ZTNA solution and an assured user-to-application experience. Key capabilities include switching and routing at line-rate speeds with distributed adaptive micro-segmentation; inline Zero Trust policy enforcement at the user, device and application level; dynamic best-path traffic selection to optimize user-to-application experience; advanced automation; and AI/ML-based network and security anomaly detection.

These two new components integrate seamlessly with Versa’s existing cloud-delivered ZTNA solution (Versa Secure Private Access) as well as our traffic-engineered cloud SASE fabric (Versa SASE Fabric) to deliver an integrated ZTNA solution across the enterprise, managed from a single policy repository and management plane.

Versa Zero Trust Everywhere products
